Uncategorized Documents

Examples

Here you can find a bunch of simple examples for using ct, with some explanations about what they do. The examples here are in no way comprehensive, for a full list of all the options present in ct check out the configuration specification.

Users and groups

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.passwd:users:-name:corepassword_hash:"$6$43y3tkl..."ssh_authorized_keys:-key1

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.passwd:users:-name:user1password_hash:"$6$43y3tkl..."ssh_authorized_keys:-key1-key2-name:user2ssh_authorized_keys:-key3

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

This example will create two users, user1 and user2. The first user has a password set and two ssh public keys authorized to log in as the user. The second user doesn't have a password set (so log in via password will be disabled), but have one ssh key.

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.passwd:users:-name:user1password_hash:"$6$43y3tkl..."ssh_authorized_keys:-key1create:home_dir:/home/user1no_create_home:truegroups:-wheel-plugdevshell:/bin/zsh

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

This example creates one user, user1, with the password hash $6$43y3tkl..., and sets up one ssh public key for the user. The user is also given the home directory /home/user1, but it's not created, the user is added to the wheel and plugdev groups, and the user's shell is set to /bin/zsh.

Storage and files

Files

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.storage:files:-path:/opt/file1filesystem:rootcontents:inline:Hello, world!mode:0644user:id:500group:id:501

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

This example creates a file at /opt/file with the contents Hello, world!, permissions 0644 (so readable and writable by the owner, and only readable by everyone else), and the file is owned by user uid 500 and gid 501.

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.storage:files:-path:/opt/file2filesystem:rootcontents:remote:url:http://example.com/file2compression:gzipverification:hash:function:sha512sum:4ee6a9d20cc0e6c7ee187daffa6822bdef7f4cebe109eff44b235f97e45dc3d7a5bb932efc841192e46618f48a6f4f5bc0d15fd74b1038abf46bf4b4fd409f2emode:0644

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

Filesystems

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.storage:filesystems:-name:filesystem1mount:device:/dev/disk/by-partlabel/ROOTformat:btrfscreate:force:trueoptions:--L-ROOT

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

systemd units

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.systemd:units:-name:etcd-member.servicedropins:-name:conf1.confcontents:|[Service]Environment="ETCD_NAME=infra0"

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.systemd:units:-name:hello.serviceenable:truecontents:|[Unit]Description=A hello world unit!Type=oneshot[Service]ExecStart=/usr/bin/echo "Hello, World!"[Install]WantedBy=multi-user.target

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

networkd units

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.networkd:units:-name:static.networkcontents:|[Match]Name=enp2s0[Network]Address=192.168.0.15/24Gateway=192.168.0.1

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

This example creates a networkd unit to set the IP address on the enp2s0 interface to the static address 192.168.0.15/24, and sets an appropriate gateway. More information on networkd units in CoreOS can be found in the docs.

etcd

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.etcd:version:"3.0.15"name:"{HOSTNAME}"advertise_client_urls:"http://{PRIVATE_IPV4}:2379"initial_advertise_peer_urls:"http://{PRIVATE_IPV4}:2380"listen_client_urls:"http://0.0.0.0:2379"listen_peer_urls:"http://{PRIVATE_IPV4}:2380"initial_cluster:"{HOSTNAME}=http://{PRIVATE_IPV4}:2380"

This is the human-readable, Container Linux Config. This should not be immediately passed to Container Linux. Learn more.

This example will create a dropin for the etcd-member systemd unit, configuring it to use the specified version and adding all the specified options. This will also enable the etcd-member unit.

This is referencing dynamic data that isn't known until an instance is booted. For more information on how this works, please take a look at the referencing dynamic data document.

Updates and Locksmithd

This is the human-readable config file. This should not be immediately passed to Container Linux. Learn more.

# This config is meant to be consumed by the config transpiler, which will# generate the corresponding Ignition config. Do not pass this config directly# to instances of Container Linux.update:group:"beta"locksmith:reboot_strategy:"etcd-lock"window_start:"Sun1:00"window_length:"2h"

This is the raw machine configuration, which is not intended for editing. Learn more. Validate the config here.

This example configures the Container Linux instance to be a member of the beta group, configures locksmithd to acquire a lock in etcd before rebooting for an update, and only allows reboots during a 2 hour window starting at 1 AM on Sundays.